Conflicting Roles
Task 2
Maintain Bank Master Data
AP Payments
Maintain Asset Document
Process Vendor Invoices
Maintain Asset Document
Goods Receipts to PO
Cash Application
Bank Reconciliation
Maintain Asset Master
Goods Receipts to PO
Process Overhead Postings
Settle Projects
Maintain Projects and WBS Elements
Settle Projects
Maintain Projects and WBS Elements
Process Overhead Postings
Maintain Bank Master Data
Cash Application
Maintain Bank Master Data
Manual Check Processing
Create / Change Treasury Item
Confirm a Treasury Trade
Goods Movements
Vendor Master Maintenance
Process Vendor Invoices
AP Payments
Vendor Master Maintenance
Process Vendor Invoices
AP Payments
Maintain Purchase Order
Process Vendor Invoices
Maintain Purchase Order
Goods Receipts to PO
Process Vendor Invoices
Goods Receipts to PO
Maintain Purchase Order
AP Payments
Vendor Master Maintenance
Maintain Purchase Order
Maintain Purchase Order
Bank Reconciliation
Process Vendor Invoices
PO Approval
Goods Receipts to PO
PO Approval
AP Payments
PO Approval
Process Vendor Invoices
PO Approval
Enter Counts - IM
PO Approval
Vendor Master Maintenance
AP Payments
Purchasing Agreements
Vendor Master Maintenance
Purchasing Agreements
Purchasing Agreements
Goods Receipts to PO
Process Vendor Invoices
Purchasing Agreements
AP Payments
Service Master Maintenance
AP Payments
Bank Reconciliation
Maintain Purchase Order
Enter Counts - IM
Maintain Purchase Order
Enter Counts - WM
PO Approval
PO Approval
Enter Counts - WM
Manual Check Processing
Vendor Master Maintenance
Process Vendor Invoices
Manual Check Processing
Maintain Purchase Order
Manual Check Processing
Service Acceptance
Manual Check Processing
PO Approval
Manual Check Processing
Manual Check Processing
Purchasing Agreements
Manual Check Processing
Service Master Maintenance
Manual Check Processing
Bank Reconciliation
Maintain Purchase Order
PO Approval
Credit Management
Sales Order Processing
Sales Order Processing
Clear Customer Balance
Sales Order Processing
Maintain Customer Master Data
Maintain Customer Master Data
Sales Rebates
Clear Customer Balance
Maintain Billing Documents
Sales Order Processing
Maintain Billing Documents
Cash Application
Maintain Billing Documents
Maintain Customer Master Data
AR Payments
Process Customer Credit Memos
AR Payments
Cash Application
Sales Document Release
Sales Order Processing
Delivery Processing
Process Customer Invoices
Sales Pricing Condition
Sales Order Processing
Sales Pricing Condition
Cash Application
Sales Rebates
Cash Application
Maintain Customer Master Data
Process Customer Invoices
Credit Management
Maintain Billing Documents
Sales Pricing Condition
Cash Application
Process Customer Invoices
Sales Order Processing
Process Customer Invoices
Clear Customer Balance
Process Customer Credit Memos
Maintain Employee (PA) Master Data 0008 - 0009 (
Process Payroll
HR Benefits
Process Payroll
3rd Party Remittance
HR Vendor Data
Maintain Payroll Configuration
Process Payroll
Maintain Employee (PA) Master Data 0008 - 0009 (
Maintain Payroll Configuration
Maintain Employee (PA) Master Data 0008 - 0009 (
Modify PD Structure
Maintain Payroll Configuration
Payroll Maintenance
Maintain Payroll Configuration
Maintain Employee (PA) Master Data 0008 - 0009 (
Maintain Time Data
Maintain Employee (PA) Master Data 0008 - 0009 (
Payroll Maintenance
Payroll Schemas
Basis Development
Transport Administration
Basis Utilities
Configuration
Basis Utilities
Transport Administration
Basis Table Maintenance
System Administration
Basis Table Maintenance
Client Administration
Security Administration
Client Administration
Security Administration
Transport Administration
Create Transport
Perform Transport
Maintain Number Ranges
System Administration
Maintain User Master
Maintain Profiles / Roles
APO Maintain Model
APO Define Advanced Macros
Maintain Business Partner
Service Order Processing
Service Confirmation
CRM Billing
Maintain Business Partner
Maintain Billing Documents
Maintain Business Partner
Service Confirmation
CRM Billing
Service Confirmation
Maintain Billing Documents
Process Credit Memo
CRM Billing
Process Credit Memo
Maintain Billing Documents
Process Customer Invoices
Maintain Conditions
Process Payroll
Service Order Processing
Process Payroll
EBP / SRM Purchasing
EBP / SRM Purchasing
EBP / SRM Invoicing
Enter Counts - WM
Enter Counts - IM
EBP / SRM Purchasing
Goods Receipts to PO
EBP / SRM Purchasing
Service Acceptance
EBP / SRM PO Approval
Goods Receipts to PO
EBP / SRM Purchasing
EBP / SRM PO Approval
EBP / SRM Purchasing
Maintain Hierarchies
Process Vendor Invoices
Maintain Hierarchies
Manual Check Processing
Maintain Hierarchies
Process Customer Invoices
Maintain Hierarchies
Maintain Cost Centers
Maintain Hierarchies
Maintain Asset Document
Maintain Hierarchies
Maintain Asset Master
Maintain Hierarchies
Maintain GL Master Data
Maintain Hierarchies
Maintain Hierarchies
Vendor Master Maintenance
Maintain Hierarchies
Maintain Customer Master Data
Description of Risk
Create a non bona-fide bank account and create a check from it.
Pay an invoice and hide it in an asset that would be depreciated over time.
Create an invoice through ERS goods receipt and hide it in an asset that would be depreciated
over time.
Allows differences between cash deposited and cash collections posted to be covered up
Create the asset and manipulate the receipt of the associated asset.
Post overhead expenses to the project and settle the project without going through the
settlement approval process.
Use a fictitious project to allocate overages of an actual project, and settle the project without
going through the settlement approval process.
Manipulate the work breakdown structure elements (profit centers, business areas, cost centers,
plants) and post overhead expenses to the project
Maintain a non bona-fide bank account and divert incoming payments to it.
Create a non bona-fide bank account and create manual checks from it
Users can create a fictitious trade and fraudulently confirm or exercise the trade
Accept goods via goods receipts and perform a WM physical inventory adjustment afterwards.
Accept goods via goods receipts and perform an IM physical inventory adjustment afterwards.
Accept goods via goods receipts and perform an IM physical inventory adjustment afterwards.
Maintain a fictitious vendor and enter a Vendor invoice for automatic payment
Enter fictitious vendor invoices and then render payment to the vendor
Enter fictitious purchase orders for personal use and accept the goods through goods receipt
Enter fictitious vendor invoices and accept the goods via goods receipt
Inappropriately procure an item and manipulate the IM physical inventory counts to hide it.
Approve the purchase of unauthorized goods and hide the misuse of inventory by not fully
receiving the order
Commit the company to fraudulent purchase contracts and initiate payment for unauthorized
goods and services.
Release a non bona-fide purchase order and initiate payment for the order by entering invoices
Release a non bona-fide purchase order and keep the action undetected by manipulating the IM physical inventory counts.
Create a fictitious vendor or change existing vendor master data and approve purchases to this
vendor
Risk of the entry of fictitious Purchasing Agreements combined with the entry of a fictitious Vendor or the modification of an existing Vendor, especially its account data.
Modify purchasing agreements and then receive goods for fraudulent purposes.
Enter unauthorized items to a purchasing agreement and create an invoice to obtain those items
for personal use
Risk of modifying service master data (to add a service that is normally not ordered by the
company) and the entry of covering payments
Risk of the same person entering unauthorized payments and reconciling them with the bank.
Inappropriately procure an item and manipulate the IM physical inventory counts to hide it.
Inappropriately procure an item and manipulate the WM physical inventory counts to hide it.
Release a non bona-fide purchase order and keep the action undetected by manipulating the IM physical inventory counts.
Release a non bona-fide purchase order and keep the action undetected by manipulating the WM physical inventory counts.
Enter fictitious vendor invoices and then render payment to the vendor
Receive or accept services and manually enter the covering check payments
Commit the company to fraudulent purchases and initiate manual check payments for
unauthorized goods and services.
Enter fictitious purchasing agreements and then render manual checks for payment
Risk of modifying service master data (to add a service that is normally not ordered by the
company) and the entry of covering payments
Risk of the same person entering unauthorized manual payments and reconciling them with the bank.
Where release strategies are utilized, the same user should not maintain the purchase order and
release or approve it.
Make an unauthorized change to the master record (payment terms, tolerance level) in favor of
the customer and enter an inappropriate invoice.
Inappropriately create or change rebate agreements and manage a customer's master record in
the favor of the customer. Could also change a customer's master record to direct payment to
an inappropriate location.
Potentially clear a customer's balance and then create or make the same change to the billing document for the same customer, clearing them of their obligation.
Manipulate the user's credit limit and assign generous rebates to execute a marginal customer's
order.
Create a billing document for a customer and inappropriately post a payment from the same
customer to conceal non-payment.
Change the accounts receivable records to cover differences with customer statements.
Perform credit approval function and modify cash received for fraudulent purposes.
Risk of the same person entering changes to the Customer Master file and modifying the Cash
Received for the customer.
Risk of modifying and entering Sales Invoices and approving Credit Limits by the same person.
User can create a fictitious customer and then issue invoices to the customer.
User can create/change an invoice and enter/change payments against the invoice.
User can create fictitious/incorrect delivery and enter payments against these, potentially
misappropriating goods.
User able to create a fraudulent sales contract to include additional goods and enter an incorrect
customer invoice to hide the deception.
Modify payroll master data and then process payroll. Potential for fraudulent activity.
Change employee HR Benefits then process payroll without authorization. Potential for
fraudulent activity.
Changing master data and creating the remittance could result in fraudulent payments.
Change payroll master data and enter time data applied to incorrect settings.
Change configuration of payroll then modify payroll master data resulting in fraudulent payments
Users may enter false time data and process payroll resulting in fraudulent payments.
Users may maintain employee master data including pay rates and delete the payroll result
Users may enter false time data and perform work schedule evaluations
A developer could modify an existing program in production, perform traces to the program and
configure the production environment to limit monitoring of the program run by increasing alarm
thresholds and eliminating audit trails through external OS comma
A developer could create or modify a program in production and force the transport of these
changes after the fact to conceal irregular development practices. This also enables the
reverting back to the program's original version without any trace of the changes made in
production.
A developer could modify program components (menus, screen layout, messages, queries) and
configure the production environment to limit monitoring of the program runs using the modified
program components by increasing alarm thresholds and eliminating audit trail
A developer could modify program components (menus, screen layout, messages, queries) and
force the transport of these changes after the fact to conceal irregular development practices.
This also enables the reverting back to the program components origin
An individual could modify data in tables or modify valid configuration values and setup the
production environment to run transactions and programs using the inappropriately modified
data. This could affect data integrity, system performance, and proper
An individual could modify data in tables or change valid configuration and replicate these
changes to other clients. This is particularly sensitive if client administration transactions come
with client-independent authorization allowing the developer to
An individual could inappropriately modify roles and assignments and reflect this change to the
production's mirror copy eliminating the chance to revert to the appropriate setup.
A security administrator could make inappropriate changes to unauthorized security roles,
transport them, and assign them to a fictitious user for execution.
Can create transports, add objects to the transport, and move the transport: can put unauthorized object changes into production, bypassing the Change Control process.
Can reset the number ranges (1) and delete your log/audit trail (2).
One person controlling both the access in the profile/role and the user Ids increases the risk of
inappropriate access
Unauthorized maintenance of planning model and version may adversely impact the production
planning data stored in APO. This transaction should be limited to selected demand planning
super user or manager.
Unauthorized deletion of active planning version may adversely impact the production planning
data stored in APO. This transaction should be limited to selected demand planning super user
or manager.
Unauthorized maintenance of planning model and version may adversely impact the production
planning data stored in APO. This transaction should be limited to selected demand planning
super user or manager.
Access to maintain macros/rules should be controlled via the change management process. Unsupported or incorrect adjustments made to the macros/rules may result in inaccurate production planning and production scheduling.
A user could create a fictitious business partner and initiate fraudulent sales orders for that
partner. Master data such as business partners should not be maintained by the same users
who process transactions using that master data.
Inappropriately create or change sales documents and generate the corresponding billing
document in CRM.
Inappropriately create or change sales documents and generate the corresponding billing
document in R3.
Enter fictitious service orders for personal use and accept the services through service acceptance. The user could prompt fraudulent payments. In addition, spare parts could be fraudulently issued from inventory as a result of the confirmation.
User can create a fictitious business partner and then process billing in CRM for that partner.
User can create a fictitious business partner and then process billing in R3 for that partner.
Inappropriately accept or confirm a service order and generate a corresponding billing document
in CRM for the order.
Inappropriately accept or confirm a service order and generate a corresponding billing document
in R3 for the order.
User could create a fictitious credit memo and run billing due in CRM to prompt a payment to a
customer. The customer could provide a kickback to the internal user.
User could create a fictitious credit memo and run billing due in R3 to prompt a payment to a
customer. The customer could provide a kickback to the internal user.
A user could enter a sales order in CRM and lower prices via conditions for fraudulent gain
Commission or Incentives may be paid based on the number of qualified leads. Inappropriately
qualified leads could result in fraudulent commission payments.
Commission or Incentives may be paid based on the number of sales orders. Fraudulent orders
could be entered to achieve higher sales reporting for commissions.
Maintain a fictitious vendor and enter an invoice to be included in the automatic payment run
Enter fictitious orders for personal use and accept the goods or services through goods receipt
or service acceptance
Enter fictitious invoices and accept goods or services via goods receipt or service acceptance
A user can hide differences between bank payments and posted AP records.
Accept goods via SRM goods receipts and perform a WM physical inventory adjustment
afterwards.
Accept goods via SRM goods receipts and perform IM physical inventory adjustment afterwards.
Accept goods via SRM goods receipts and perform IM physical inventory adjustment afterwards
using powerful IM transactions
Enter fictitious orders for personal use and access the goods or services through goods receipt
Enter fictitious orders for personal use and access the goods or services through service
acceptance
Approve the purchase of unauthorized goods and hide the misuse of inventory by not fully
receiving the order in R3
Where release strategies are utilized, the same user should not maintain the purchase order and
release or approve it.
Create a fictitious vendor or change existing vendor master data and approve purchases to this
vendor
Enter fictitious orders for personal use and manipulate the organizational structure to bypass
approvals
Create or maintain fictitious vendor and manipulate the organizational structure to bypass
approvals or secondary checks
Initiate purchases by selecting goods to be included in a shopping cart and then approve the purchase.
AP/AR/GL master data creation and posting functions in conjunction with payment processing,
receipt of money, GL account access; and the ability to modify ECCS hierarchy and reporting
output
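A matrix like this is only useful if it is evaluated against the access people actually hold, and in SAP that access is granted through roles, so a conflict can be built into a single role or arise only when two individually clean roles are assigned to the same user. The script below is an added example, not part of the original matrix or of any SAP product: it encodes a few task pairs and risk texts from this page as rules, then checks constructed sample data (the Z_* role names, the user IDs and the role-to-task mapping are all hypothetical) for both kinds of conflict, and lets a documented mitigating control suppress an accepted conflict for a specific user.

```python
"""Segregation-of-duties (SoD) check over role and user assignments.

Added example. The conflict pairs and risk texts are rows from the
matrix above; roles, users and the role-to-task mapping are constructed
sample data with hypothetical names.
"""

# Rule set: an unordered task pair maps to the description of risk.
# frozenset makes the rule independent of which task is "Task 1".
SOD_RULES = {
    frozenset({"Maintain Bank Master Data", "AP Payments"}):
        "Create a non bona-fide bank account and create a check from it.",
    frozenset({"Vendor Master Maintenance", "Process Vendor Invoices"}):
        "Maintain a fictitious vendor and enter a Vendor invoice for automatic payment",
    frozenset({"Process Vendor Invoices", "AP Payments"}):
        "Enter fictitious vendor invoices and then render payment to the vendor",
    frozenset({"Maintain Purchase Order", "PO Approval"}):
        "Where release strategies are utilized, the same user should not "
        "maintain the purchase order and release or approve it.",
    frozenset({"Cash Application", "Bank Reconciliation"}):
        "Allows differences between cash deposited and cash collections posted to be covered up",
    frozenset({"Maintain User Master", "Maintain Profiles / Roles"}):
        "One person controlling both the access in the profile/role and the "
        "user Ids increases the risk of inappropriate access",
    frozenset({"Create Transport", "Perform Transport"}):
        "Can put unauthorized object changes into production, bypassing the Change Control process.",
}

# Constructed sample: business tasks each (hypothetical) role grants.
ROLE_TASKS = {
    "Z_AP_CLERK": {"Process Vendor Invoices", "Goods Receipts to PO"},
    "Z_AP_PAYMENTS": {"AP Payments"},
    "Z_VENDOR_MASTER": {"Vendor Master Maintenance"},
    "Z_BUYER": {"Maintain Purchase Order", "Purchasing Agreements"},
    "Z_PO_APPROVER": {"PO Approval"},
    "Z_TREASURY_ALL": {"Cash Application", "Bank Reconciliation"},  # conflict inside one role
    "Z_BASIS_TRANSPORT": {"Create Transport", "Perform Transport"},  # conflict inside one role
}

# Constructed sample: user -> assigned roles.
USER_ROLES = {
    "jdoe": ["Z_AP_CLERK", "Z_AP_PAYMENTS"],      # conflict across two roles
    "asmith": ["Z_BUYER"],                         # clean
    "bwong": ["Z_BUYER", "Z_PO_APPROVER"],         # conflict across two roles
    "treas1": ["Z_TREASURY_ALL"],                  # conflict from a single role
}


def intra_role_conflicts(role_tasks, rules=SOD_RULES):
    """Roles that grant both halves of a conflicting pair by themselves.

    Assignment hygiene cannot fix these; the role itself has to be split.
    Returns [(role, (task_a, task_b)), ...] sorted by role name.
    """
    found = []
    for role, tasks in sorted(role_tasks.items()):
        for pair in rules:
            if pair <= tasks:
                found.append((role, tuple(sorted(pair))))
    return found


def user_violations(user, roles, role_tasks, rules=SOD_RULES, mitigated=frozenset()):
    """Conflicting pairs a user holds through any combination of roles.

    Returns [(task_a, task_b, contributing_roles, risk), ...]. Pairs in
    `mitigated` (a documented compensating control for this user) are skipped.
    """
    task_sources = {}  # task -> set of roles that grant it
    for role in roles:
        for task in role_tasks.get(role, ()):
            task_sources.setdefault(task, set()).add(role)
    held = set(task_sources)
    out = []
    for pair, risk in rules.items():
        if pair <= held and pair not in mitigated:
            a, b = sorted(pair)
            sources = sorted(task_sources[a] | task_sources[b])
            out.append((a, b, sources, risk))
    return out


def sod_report(user_roles, role_tasks, rules=SOD_RULES, mitigations=None):
    """Map each user with at least one open conflict to their violation list."""
    mitigations = mitigations or {}
    report = {}
    for user, roles in sorted(user_roles.items()):
        v = user_violations(user, roles, role_tasks, rules, mitigations.get(user, frozenset()))
        if v:
            report[user] = v
    return report


if __name__ == "__main__":
    for role, (a, b) in intra_role_conflicts(ROLE_TASKS):
        print(f"role {role} grants both '{a}' and '{b}'")
    for user, viols in sod_report(USER_ROLES, ROLE_TASKS).items():
        for a, b, roles, risk in viols:
            print(f"{user}: '{a}' + '{b}' via {roles}: {risk}")
```

The report names the roles that contribute each half of a pair, which is what a remediation owner needs in order to decide between splitting a role and changing an assignment; a mitigation entry such as `{"treas1": {frozenset({"Cash Application", "Bank Reconciliation"})}}` records an accepted conflict without silently dropping it from the rule set.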